Feb 23, 2012 - 8:07 p.m.

CVE-2012-1289

2012-02-23 20:07:25
CWE-22
web.nvd.nist.gov

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.011 Low (Percentile: 84.1%)

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.

Affected configurations

Source: NVD

Node: sap netweaver, Match 7.0

CPE: sap:netweaver
Name: sap netweaver
Operator: eq
Version: 7.0
